Vulnerability Note VU#649212

libpng fails to properly initialize element pointers

Overview

Libpng contains a vulnerability in the way element pointers are handled.

Description

A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c. According to the PNG Development Group:

If the application runs out of memory during the loop, some of the element pointers will be uninitialized. Libpng will then longjmp to a cleanup process that attempts to free all of the elements in the array, including the uninitialized ones. This behavior could be forced by a malevolent input.

Note that this issue affects all versions of libpng prior to libpng-1.0.43 and libpng-1.2.35.

Impact

This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.